DDoS attack halts heating in Finland amidst winter

A Distributed Denial of Service (DDoS) attack halted heating distribution at least in two properties in the city of Lappeenranta, located in eastern Finland. In both of the events the attacks disabled the computers that were controlling heating in the buildings.

Both of the buildings where managed by Valtia. The company who is in charge of managing the buildings overall operation and maintenance. According to Valtia CEO, Simo Rounela, in both cases the systems that controlled the central heating and warm water circulation were temporarily disabled.

In the city of Lappeenranta, there were at least two buildings whose systems were knocked down by the network attack. In a DDoS attack the network is overloaded by traffic from multiple locations with the aim of causing the system to fail.

In an interview with Etelä-Saimaa, Rounela estimated the attack in Eastern Finland lasted from late October to Thursday the 3rd of November. The systems that were attacked tried to respond to the attack by rebooting the main control circuit. This was repeated over and over so that heating was never working.

At this time of the year temperatures in Finland are below freezing and a long-term disruption in heat will cause both material damage as well as the need to relocate residents elsewhere. Thankfully in this case the fix was easy to do by limiting network traffic.

Building Automation security is not a priority

The devices under attack were built by the company Fidelix. According to company representative Antti Koskinen, there have been other attacks in the country before the case in Lappeenranta. He also states to Helsingin Sanomat that when people want convenience and ease of use it often opens up vulnerabilities.

Building maintenance specialist Sami Orasaari confirms that building automation security is often neglected. Many housing companies or private owners do not want to invest in network firewalls, and that security in general tends to be lax. In this case the devices targeted were attacked because they've been found to be vulnerable and the attackers have scanned network to find more of them.

The cause of the issues were not apparent to staff handling regular maintenance tasks, because they have little or no training related to network attacks against the systems they routinely operate. The attack comes following a series of attacks done using so-called Internet of Things (IoT) devices. The Mirai botnet is one example that has been in the news lately.

IoT embeds connectivity to many house-hold electronics such as fridges, lamps and washing machines. Manufacturers and developers of these products are often ill-equipped and compromise by using tools not suitable for high availability automation systems and have limited motive for long term maintenance.

We are apparently already living the age of machine wars as everyday things such as surveillance cameras are used to cause material, and possibly, bodily harm to citizens by attacking critical infrastructure. In the worst case the attack could come from the same exact network.